DeveloperWiki:Managing the Master Key
Prepare your Smartcard
ccid package and start the
pcscd daemon. Insert your smartcard reader and check the output of
Creating the master key
gpg --card-edit. Type in
admin to enabled administration functions. All available commands can now be listed by issuing the
help command. Use the
sex commands to set some unimportant meta data.
To create a new key pair just type in
generate. Create a
3072 bits key and enter your data according to this example:
Real name: Pierre Schmitz Email address: email@example.com Comment: Arch Linux Master Key
Confirm that your USER-ID looks like
"Pierre Schmitz (Arch Linux Master Key) <firstname.lastname@example.org>". Generating the key will take some time.
Signing the master key
Revoking a master key
Signing developer keys
Revoking developer keys
- Using the smartcard generates following errors without any apparent effect:
libusb couldn't open USB device /dev/bus/usb/001/006: Permission denied. libusb requires write access to USB device nodes.
- udev/packaging issue:
udevd: specified group 'pcscd' unknown
- Should we advice to create a backup during key creation or rather not?
- Is the passphrase only used for the backup key?
- Is the public key also stored on the card?
- How should the
urlconfiguration be set?
- What is the impact of setting